GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

52 advisories

MCP Server Kubernetes vulnerable to command injection in several tools High
CVE-2025-53355 was published for mcp-server-kubernetes (npm) Jul 8, 2025
dellalibera
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection High
CVE-2025-53372 was published for node-code-sandbox-mcp (npm) Jul 8, 2025
dellalibera
@cyanheads/git-mcp-server vulnerable to command injection in several tools High
CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) Jun 30, 2025
dellalibera cyanheads
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE High
CVE-2024-34347 was published for @hoppscotch/cli (npm) Apr 22, 2024
oskar-zeinomahmalat-sonarsource mufeedvh
Command Injection in puppet-facter High
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023
Command injection in smartctl High
CVE-2022-21810 was published for smartctl (npm) Jan 26, 2023
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function High
CVE-2022-25853 was published for semver-tags (npm) Feb 6, 2023
bwm-ng vulnerable to command injection High
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
git-commit-info vulnerable to Command Injection High
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
DSimsek000
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro ebickle
network Arbitrary Command Injection vulnerability High
CVE-2024-21488 was published for network (npm) Jan 30, 2024
Snowflake NodeJS Driver vulnerable to Command Injection High
CVE-2023-34232 was published for snowflake-sdk (npm) Jun 9, 2023
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
gry vulnerable to Command Injection High
CVE-2020-36650 was published for gry (npm) Jan 11, 2023
Command Injection in kill-port High
CVE-2019-5414 was published for kill-port (npm) Mar 25, 2019
Command injection in git-clone High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
lirantal
Madge vulnerable to command injection High
CVE-2021-23352 was published for madge (npm) Mar 12, 2021
window-control vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25926 was published for window-control (npm) Jan 4, 2023
Command Injection in local-devices High
GHSA-w725-67p7-xv22 was published for local-devices (npm) Sep 3, 2020
tdunlap607
pullit vulnerable to command injection High
CVE-2018-25083 was published for pullit (npm) Sep 3, 2020
lirantal
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021